General

  • Target

    8d3e1524f58f0432d0031b49218350faf5f936e1eb7b0394c58e316337e2c831

  • Size

    2.5MB

  • Sample

    220521-xxhw9scgd8

  • MD5

    5e4f6f9342dd61cb750a2bf2462e82a9

  • SHA1

    ea85b1c851ec413fb9f7a4df6b7990f67d20a623

  • SHA256

    8d3e1524f58f0432d0031b49218350faf5f936e1eb7b0394c58e316337e2c831

  • SHA512

    cba140903fc2a37395feef57732232ffdc8cac5031f79bf0e8c723fba82ebf143ce635906506b0a1c263b72ba17b956849fcc08d1d00f412efbc9ffa0a0a5f1a

Malware Config

Targets

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Bootkit (T1067): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2